
Functional safety

From Wikipedia, the free encyclopedia

Functional safety is the part of the overall safety of a system or piece of equipment that depends on the system
or equipment operating correctly in response to its inputs, including the safe management of likely operator
errors, hardware failures and environmental changes.[1]


Objective of functional safety


The objective of functional safety is freedom from unacceptable risk of physical injury or of damage to the
health of people either directly or indirectly (through damage to property or to the environment).

Functional safety is intrinsically end-to-end in scope in that it has to treat the function of a component or
subsystem as part of the function of the whole system. Whilst functional safety standards focus on electrical,
electronic, and programmable systems (E/E/PS), this end-to-end scope means that in practice functional safety
methods have to extend to the non-E/E/PS parts of the system that the E/E/PS actuates, controls or monitors.

Achieving functional safety


Functional safety is achieved when every specified safety function is carried out and the level of performance
required of each safety function is met. This is normally achieved by a process that includes the following steps
as a minimum:

1. Identifying what the required safety functions are. This means the hazards and safety functions have to be
known. A process of function reviews, formal HAZIDs, HAZOPs and accident reviews is applied to
identify these.
2. Assessment of the risk-reduction required by the safety function. This will involve a safety integrity level
(SIL) or performance level or other quantification assessment. A SIL (or PL, AgPL, ASIL) applies to an
end-to-end safety function of the safety-related system, not just to a component or part of the system.
3. Ensuring the safety function performs to the design intent, including under conditions of incorrect
operator input and failure modes. This will involve having the design and lifecycle managed by qualified
and competent engineers carrying out processes to a recognised functional safety standard. In Europe,
that standard is IEC EN 61508, or one of the industry specific standards derived from IEC EN 61508, or
some other standard like ISO 13849.
4. Verification that the system meets the assigned SIL, ASIL, PL or AgPL by determining the mean time
between failures and the safe failure fraction (SFF), along with appropriate tests. The SFF is the
probability of the system failing in a safe state: the dangerous (or critical) states are identified from
a failure mode and effects analysis (FMEA) or failure mode, effects, and criticality analysis (FMECA) of
the system.
5. Conduct functional safety audits to examine and assess the evidence that the appropriate safety lifecycle
management techniques were applied consistently and thoroughly in the relevant lifecycle stages of the
product.
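Step 4 above, as an added worked example that is not part of the Wikipedia article: a small Python script that takes an FMEDA failure-rate breakdown (constructed sample values, in failures per hour), derives the MTBF and the safe failure fraction as IEC 61508-2 defines it (the share of all failures that are safe or dangerous-but-detected), estimates the simplified single-channel (1oo1) low-demand PFDavg for a given proof-test interval, and maps the result onto the IEC 61508-1 SIL bands. The `Fmeda` class, `verify` function and the sample numbers are this example's own assumptions, not from any standard or product.

```python
"""Added example (not from the Wikipedia article): checking a safety function
against its target SIL from a constructed FMEDA failure-rate breakdown, using
the simplified IEC 61508 low-demand formulas.  All rates below are made-up."""
from dataclasses import dataclass

# Low-demand PFDavg bands from IEC 61508-1 Table 2 (lower bound inclusive, upper exclusive).
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


@dataclass(frozen=True)
class Fmeda:
    """Failure rates in failures per hour, split the way an FMEDA classifies them."""
    safe_detected: float
    safe_undetected: float
    dangerous_detected: float
    dangerous_undetected: float

    @property
    def total(self) -> float:
        return (self.safe_detected + self.safe_undetected
                + self.dangerous_detected + self.dangerous_undetected)

    def mtbf_hours(self) -> float:
        """Mean time between failures for a constant total failure rate."""
        return 1.0 / self.total

    def sff(self) -> float:
        """Safe failure fraction per IEC 61508-2: every failure that is safe, or is
        dangerous but caught by diagnostics, as a fraction of all failures."""
        return 1.0 - self.dangerous_undetected / self.total

    def pfd_avg_1oo1(self, proof_test_interval_hours: float) -> float:
        """Simplified average probability of failure on demand for one channel:
        only dangerous undetected failures persist until the next proof test."""
        return self.dangerous_undetected * proof_test_interval_hours / 2.0


def sil_from_pfd(pfd_avg: float) -> int:
    """Map a low-demand PFDavg onto its SIL band; 0 means worse than SIL 1."""
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd_avg < high:
            return sil
    return 4 if pfd_avg < SIL_BANDS[4][0] else 0


def verify(fmeda: Fmeda, proof_test_interval_hours: float, target_sil: int) -> dict:
    """Combine the figures a verification step would report for one safety function."""
    achieved = sil_from_pfd(fmeda.pfd_avg_1oo1(proof_test_interval_hours))
    return {"sff": fmeda.sff(), "achieved_sil": achieved, "meets_target": achieved >= target_sil}


if __name__ == "__main__":
    # Constructed sample: a sensor channel proof-tested yearly (8760 h), target SIL 2.
    print(verify(Fmeda(2e-7, 1e-7, 4e-7, 5e-8), 8760, target_sil=2))
```

Note that the script only covers the quantitative part of step 4; the architectural constraints and the FMEA/FMECA that classify each failure as safe or dangerous still have to be done by hand.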

Neither safety nor functional safety can be determined without considering the system as a whole and the
environment with which it interacts. Functional safety is inherently end-to-end in scope.

Certifying functional safety


Any claim of functional safety for a component, subsystem or system should be independently certified to one
of the recognized functional safety standards. A certified product can then be claimed to be Functionally Safe
to a particular Safety Integrity Level or a Performance Level in a specific range of applications: the certificate
is provided to the customers with a test report describing the scope and limits of performance.

An important element of functional safety certification is on-going surveillance by the certification agency.
This follow-up surveillance ensures that the product, sub-system, or system is still being manufactured in
accordance with what was originally certified for functional safety. Follow-up surveillance may occur at
various frequencies depending on the certification agency, but will typically look at the product's hardware
and software, as well as the manufacturer's ongoing compliance with its functional safety management system.

The principles underpinning functional safety were developed in the military, nuclear and aerospace industries,
and then taken up by rail transport, process and control industries developing sector specific standards.
Functional safety standards are applied across all industry sectors dealing with safety critical requirements.
Thousands of products and processes meet the standards based on IEC 61508: from bathroom showers,[2]
automotive safety products, medical devices, sensors, actuators, diving equipment,[3] Process
Controllers[4][5][6] and their integration to ships, aircraft and major plant.

In Europe, functional safety certification is supported by a well-developed infrastructure.[7][8] The CASS
Scheme is the primary method by which products are certified to IEC EN 61508 and related standards, through
accredited quality auditors. It is possible to certify both products and processes that manage the life-cycle of the
product (in which case the company certified would then issue a certificate of conformity to that certification
in respect of its relevant products).

The US FAA has similar functional safety certification processes, in the form of US RTCA DO-178B for
software and DO-254 for hardware,[9][10] which are applied throughout the aerospace industry.

In the USA, NASA developed an infrastructure for safety critical systems adopted widely by industry, both in
North America and elsewhere, with a standard,[11] supported by guidelines.[12] The NASA standard and
guidelines are built on ISO 12207, which is a software practice standard rather than a safety critical standard,
hence the extensive nature of the documentation NASA has been obliged to add, compared to using a purpose
designed standard such as EN 61508 with the CASS Templates. A certification process for systems developed
in accord with the NASA guidelines exists.[13]

Modern E/E/PS medical devices are being certified to 510(k) on the basis of the industry sector specific IEC
EN 62304 standard, based on IEC EN 61508 concepts.

The automotive industry has developed the ISO 26262 Road Vehicles Functional Safety Standard based on
IEC 61508. The certification of those systems ensures compliance with the relevant regulations and helps to
protect the public. The ATEX Directive has also adopted a functional safety standard, BS EN 50495:2010
'Safety devices required for the safe functioning of equipment with respect to explosion risks', which covers
safety-related devices such as purge controllers and Ex e motor circuit breakers. It is applied by Notified Bodies
under the ATEX Directive. The standard ISO 26262 particularly addresses the automotive development cycle. It
is a multi-part standard defining requirements and providing guidelines for achieving functional safety in E/E
systems installed in series production passenger cars. ISO 26262 is considered a best practice framework for
achieving automotive functional safety.[14] (See also main article: ISO 26262.) The compliance process usually
takes time as employees need to be trained in order to develop the expected competences.

Contemporary functional safety standards


The primary functional safety standards in current use are listed below:

IEC EN 61508 Parts 1 to 3 is a core functional safety standard, applied widely to all types of safety critical E/E/PS and to systems with a safety function incorporating E/E/PS. (Safety Integrity Level - SIL)
UK Defence Standard 00-56 Issue 2
US RTCA DO-178B - North American Avionics Software
US RTCA DO-254 - North American Avionics Hardware
EUROCAE ED-12B - European Airborne Flight Safety Systems
IEC 62304 - Medical Device Software
IEC 61513 - Nuclear power plants - Instrumentation and control for systems important to safety - General requirements for systems, based on EN 61508
IEC 61511-1 - Functional safety - Safety instrumented systems for the process industry sector - Part 1: Framework, definitions, system, hardware and software requirements, based on EN 61508
IEC 61511-2 - Functional safety - Safety instrumented systems for the process industry sector - Part 2: Guidelines for the application of IEC 61511-1, based on EN 61508
IEC 61511-3 - Functional safety - Safety instrumented systems for the process industry sector - Part 3: Guidance for the determination of the required safety integrity levels, based on EN 61508
IEC 62061 - Safety of machinery - Functional safety of safety-related electrical, electronic and programmable electronic control systems, based on EN 61508
ISO 13849-1, -2 - Safety of machinery - Safety-related parts of control systems. Non-technology dependent standard for control system safety of machinery. (Performance Levels - PL)
EN 50126 - Railway Industry Specific - RAMS review of Operations, System and Maintenance conditions for project equipment
EN 50128 - Railway Industry Specific - Software (Communications, Signaling & Processing systems) safety review
EN 50129 - Railway Industry Specific - System Safety in Electronic Systems
EN 50495 - Safety devices required for the safe functioning of equipment with respect to explosion risks
NASA Safety Critical Guidelines
ISO 25119 - Tractors and Machinery for Agriculture and Forestry - Safety-Related Parts of Control Systems
ISO 26262 - Road Vehicles Functional Safety


See also
IEC 61508
ALARP
Hazard and Operability Study
HAZID
Safety Integrity Level
Spurious Trip Level
FMEA
FMEDA
References
1. "Focus Topics: Functional Safety" (http://www.tuv-sud.com/activity/focus-topics/functional-safety). TÜV SÜD. Retrieved 2016-10-31.
2. "RADA Sense - Shower T3" (http://www.radacontrols.com/onlinecatalog/pdf/p4639_2.pdf) (PDF). Rada. 2008.
3. "IEC 61508 Safety Case Example: Diving Equipment" (http://www.deeplife.co/or.php). Deep Life.
4. "Industrial IT System 800xA High Integrity" (http://www.abb.co.uk/cawp/seitp202/275AC9A14F5C6F69C1256FA90060650B.aspx). ABB.
5. "IEC 61508 SIL 3 certified RTOS" (http://www.ghs.com/products/industrial_safety.html). Green Hills Software.
6. "SAFETY AUTOMATION ELEMENT LIST" (http://www.exida.com/SAEL). exida.
7. "The 61508 Association" (http://www.61508.org).
8. "Safety Zone" (http://www.theiet.org/). Institution of Engineering and Technology.
9. V. Hilderman, T. Baghai, "Avionics Certification: A Complete Guide to DO-178B and DO-254". ISBN 978-1-885544-25-4.
10. C. Spitzer, "Digital Avionics Handbook, Second Edition - 2 Volume Set (Electrical Engineering Handbook)". CRC Press. ISBN 978-0-8493-5008-5.
11. NASA Software Safety Standard, NASA-STD-8719.13A.
12. NASA-GB-1740.13-96, NASA Guidebook for Safety Critical Software.
13. Nelson, Stacy (June 2003). "Certification Processes for Safety-Critical and Mission-Critical Aerospace Software" (https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20040014965_2004000657.pdf) (PDF). NASA/CR-2003-212806.
14. "26262-1:2011" (http://www.iso.org/iso/catalogue_detail?csnumber=43464). ISO. Retrieved 25 April 2013.

External links
IEC Functional safety zone
61508.org The 61508 Association

Retrieved from "https://en.wikipedia.org/w/index.php?title=Functional_safety&oldid=789506133"


This page was last edited on 7 July 2017, at 19:25.

